Monday 06 July 2026 08:07:35 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

Cyber Warfare & Nation-State Operations

“Wipeout Warfare”: Inside the Iranian-Linked Cyber Assaults Targeting Israel and the West

Published: 13 March 2026 07:30Category: Cyber Warfare & Nation-State OperationsGeo: Middle EastAuthor: AGONY

Subtitle: A shadowy threat group tied to Iran is unleashing devastating wiper malware attacks, erasing systems and escalating the cyber conflict across borders.

It was a quiet morning at a Tel Aviv tech firm-until screens abruptly went black, servers refused to boot, and years of data vanished. The culprit? Not ransomware, but something far more ruthless: wiper malware, deployed by a group now known as Handala Hack. Their mission isn’t extortion. It’s obliteration.

The Anatomy of a Destructive Campaign

Handala Hack, known by aliases such as Void Manticore and Storm-1084, emerged amid the recent surge in regional conflict, swiftly shifting from “hacktivist” posturing to government-backed sabotage. Security researchers now widely attribute the group’s operations to Iran’s Ministry of Intelligence and Security (MOIS), with evidence mounting from both Israeli and Western intelligence agencies.

Unlike ransomware gangs, whose attacks are driven by profit, Handala’s motive is pure destruction. Their weapon of choice: wiper malware, which doesn’t encrypt files for ransom but instead erases them entirely-along with operating systems and device configurations. For victims, recovery is often impossible without robust backups.

The group’s tactics are as cunning as they are devastating. Rather than exploiting software bugs, Handala Hack specializes in identity-based attacks. Through phishing campaigns, they steal real employee credentials, then infiltrate corporate networks using legitimate tools such as Microsoft Intune and Entra ID. With admin-level access, attackers can remotely issue “wipe” or “factory reset” commands, deleting servers and entire fleets of devices in minutes-all while blending in with normal IT operations.

This approach makes detection fiendishly difficult. Security tools may not flag the activity, since it’s performed using authorized accounts and enterprise management platforms. According to Unit 42 researchers, the group’s recent attacks have crippled organizations in Israel and the US, with warning signs that more Western targets could be next as tensions escalate.

Defending Against the Unthinkable

Faced with this new breed of cyber threat, experts urge organizations to rethink their defenses. Recommendations include eliminating standing administrative privileges, adopting just-in-time access, and reducing the number of high-level admin accounts. Multi-factor authentication and dedicated secure workstations for admin tasks are also essential.

Crucially, organizations should monitor for unusual admin actions-such as mass device wipes-and maintain immutable, offline backups to enable recovery after an attack. As the geopolitical cyber battlefield expands, vigilance and preparation are the best shields against wiper-driven devastation.

Conclusion

Handala Hack’s wave of wiper attacks marks a chilling evolution in state-sponsored cyber warfare-one where the goal is not profit, but paralysis. As digital and geopolitical lines blur, the question is no longer if, but when, more organizations will find themselves in the crosshairs of destructive campaigns. For defenders, the time to act is now.

WIKICROOK

  • Wiper Malware: Wiper malware is malicious software that permanently deletes or corrupts files, making recovery impossible and causing severe data loss or system disruption.
  • Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
  • Privilege Escalation: Privilege escalation occurs when an attacker gains higher-level access, moving from a regular user account to administrator privileges on a system or network.
  • Microsoft Intune: Microsoft Intune is a cloud-based tool for managing and securing devices, apps, and users, helping organizations protect data and ensure compliance.
  • Multi: Multi refers to using a combination of different technologies or systems-like LEO and GEO satellites-to improve reliability, coverage, and security.